Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/9PhS3ujkrdif6eYYViImR0vp9So.roa
File:                     9PhS3ujkrdif6eYYViImR0vp9So.roa (raw, json)
Hash identifier:          zPtTeVNTvXn1qkfoNvjlF17YswK3tvpAAkUPr++/Irc=
Subject key identifier:   F4:F8:52:DE:E8:E4:AD:D8:9F:E9:E6:18:56:22:26:47:4B:E9:F5:2A
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5014DCDEE96F81CC429950059960DAD
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/9PhS3ujkrdif6eYYViImR0vp9So.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        88.216.209.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4d:cd:ee:96:f8:1c:c4:29:95:00:59:96:0d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4f852dee8e4add89fe9e618562226474be9f52a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9b:e8:4a:f8:4b:e8:ba:21:09:c6:70:0f:3c:
                    b2:9e:f7:6c:c7:7c:19:61:4c:41:78:2b:7e:f4:f0:
                    06:0b:9e:d9:dc:bf:74:9d:6f:f5:c4:fd:8e:74:8b:
                    ac:33:fc:f9:07:6c:35:66:5f:8b:74:ae:0a:5f:53:
                    31:88:60:ef:03:e5:4c:d5:de:02:b8:b1:d4:f0:46:
                    39:78:ae:e8:04:16:e7:e7:31:8d:de:13:ed:16:5b:
                    11:ec:69:59:ba:b3:ed:3b:85:20:a9:d7:31:09:bb:
                    f0:49:63:89:8d:be:90:fc:18:1d:2b:e2:9f:27:ba:
                    38:ad:26:b8:87:96:bd:00:f5:9c:27:2b:06:a0:5c:
                    24:4b:50:c4:03:e2:37:5d:6e:1c:07:c5:5b:ac:2c:
                    06:85:77:ad:98:76:ab:f1:9a:30:21:8d:d8:fe:83:
                    c3:22:33:1a:dc:66:0d:d6:b5:a5:41:a9:63:a9:87:
                    b1:c6:95:6e:b7:94:3d:ad:bc:a7:b3:b6:97:c9:37:
                    dc:8f:ed:5d:11:5c:a7:1c:0b:46:ac:4d:88:c1:80:
                    f0:e4:f5:23:31:92:8a:42:58:b4:a5:07:d2:61:a3:
                    71:6a:26:42:a4:f2:61:7f:45:e8:01:7e:15:a4:87:
                    a6:fb:a0:76:be:bd:3e:a4:b4:78:11:b0:ba:ef:31:
                    0d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F8:52:DE:E8:E4:AD:D8:9F:E9:E6:18:56:22:26:47:4B:E9:F5:2A
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/9PhS3ujkrdif6eYYViImR0vp9So.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.46.0/24
                  88.216.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:c2:fd:a0:10:59:d0:9a:46:ad:a0:fd:0a:11:ed:4f:76:6d:
         f2:71:54:73:3a:4c:de:0f:97:fc:6d:5c:95:8a:62:86:87:5b:
         df:2a:51:85:00:9c:65:49:02:12:7b:fb:b6:40:c4:0a:84:70:
         4f:7b:67:47:fb:3f:e5:74:f0:99:8e:01:71:6c:db:42:e9:e0:
         b2:5a:b6:e2:14:d7:a3:72:2b:e9:aa:a1:dc:6f:1b:ab:0d:5d:
         c1:56:4a:09:94:f5:69:df:e5:1e:15:48:85:2a:f3:b6:2d:fa:
         f1:5d:94:cb:e4:01:38:2d:8e:5d:3c:c6:62:2d:ec:9a:64:52:
         8c:27:54:4f:e3:94:2e:3d:05:4a:74:bc:cc:19:39:23:7b:5c:
         7c:a4:2e:14:6a:64:88:48:90:94:cc:76:18:79:26:1a:f3:87:
         84:ae:b7:71:98:03:d5:12:48:d6:3d:83:c5:64:99:07:fa:40:
         ae:4e:8a:09:0b:25:83:6a:20:c6:1f:a0:b4:84:6b:bb:66:b0:
         a9:41:80:cc:e6:c9:60:58:91:b2:a7:5d:aa:c0:87:81:db:4a:
         10:f6:e8:fe:9c:f2:77:36:af:8e:6b:b6:9f:e9:40:c3:95:19:
         39:fd:bb:78:18:05:48:63:67:d3:7e:b0:67:45:2d:c5:a9:19:
         33:ee:d3:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAU3N7pb4HMQplQBZlg2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGY4NTJkZWU4ZTRhZGQ4OWZlOWU2MTg1NjIyMjY0NzRiZTlmNTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpvoSvhL6LohCcZwDzyynvdsx3wZ
YUxBeCt+9PAGC57Z3L90nW/1xP2OdIusM/z5B2w1Zl+LdK4KX1MxiGDvA+VM1d4C
uLHU8EY5eK7oBBbn5zGN3hPtFlsR7GlZurPtO4UgqdcxCbvwSWOJjb6Q/BgdK+Kf
J7o4rSa4h5a9APWcJysGoFwkS1DEA+I3XW4cB8VbrCwGhXetmHar8ZowIY3Y/oPD
IjMa3GYN1rWlQaljqYexxpVut5Q9rbyns7aXyTfcj+1dEVynHAtGrE2IwYDw5PUj
MZKKQli0pQfSYaNxaiZCpPJhf0XoAX4VpIem+6B2vr0+pLR4EbC67zENRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPT4Ut7o5K3Yn+nmGFYiJkdL6fUqMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvOVBoUzN1amtyZGlmNmVZWVZpSW1SMHZwOVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNguAwQA
WNjRMA0GCSqGSIb3DQEBCwUAA4IBAQBowv2gEFnQmkatoP0KEe1Pdm3ycVRzOkze
D5f8bVyVimKGh1vfKlGFAJxlSQISe/u2QMQKhHBPe2dH+z/ldPCZjgFxbNtC6eCy
WrbiFNejcivpqqHcbxurDV3BVkoJlPVp3+UeFUiFKvO2LfrxXZTL5AE4LY5dPMZi
LeyaZFKMJ1RP45QuPQVKdLzMGTkje1x8pC4UamSISJCUzHYYeSYa84eErrdxmAPV
EkjWPYPFZJkH+kCuTooJCyWDaiDGH6C0hGu7ZrCpQYDM5slgWJGyp12qwIeB20oQ
9uj+nPJ3Nq+Oa7af6UDDlRk5/bt4GAVIY2fTfrBnRS3FqRkz7tO/
-----END CERTIFICATE-----